Hostile Environments

I use the term "hostile" to characterize an environment in which there are
entities that are not necessarily trustworthy or trusted. The Internet is
a hostile environment for a networked device; Earth is a hostile environment
for a life form; whereas, one's own home might not be considered hostile.

In a hostile environment, untrusted entities might use any of a number of
strategies to gain, and then exploit, trust. Examples include trojan horses
(software that claims, or is claimed, to do one thing but, when run on a victim's
computer, does something else that the victim would not normally want)
and false authorities (people who claim to have expertise or authority in order
to obtain undue authority over others, extract resources from them, and so on).

Therefore, it is important to tag and validate input from any untrusted
entity: tag it as being from an untrusted source (ideally, keep track
of which source); and validate it before using it in any way that presumes
it is trustworthy.

In software systems, the flexibility of the underlying system can "collide" with
the need to tag and validate input, with disastrous results when the failure to
validate allows an untrusted entity to exploit the system's underlying flexibility.
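The tag-then-validate discipline above, and the "fail closed" answer to the collision with a flexible underlying system, as an added example in Python (this code is not part of the original essay; the names Tainted, validate, deliver, handle_rcpt and the sample SMTP peer address are this example's own assumptions):

```python
import re
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Tainted:
    """A value received from an untrusted entity, tagged with its source.
    Nothing may treat .value as trustworthy until validate() has accepted it."""
    value: str
    source: str  # provenance label, e.g. "smtp:203.0.113.5" (constructed sample)


class UntrustedInputError(Exception):
    """Tainted data failed validation, or reached a sink without being validated."""


def tag(value: str, source: str) -> Tainted:
    """Entry point for anything read from an untrusted entity: attach the tag
    at the boundary, before the value can wander into the rest of the program."""
    return Tainted(value, source)


def validate(item: Tainted, check: Callable[[str], bool]) -> str:
    """Strip the tag only if `check` accepts the value. The source travels with
    the rejection so it can be logged or rate-limited per entity."""
    if not check(item.value):
        raise UntrustedInputError(f"rejected input from {item.source}: {item.value!r}")
    return item.value


# Allow-list validator for a mailbox name. The delivery layer will interpret
# this string, so only the narrow, expected shape is accepted; everything else
# is rejected rather than "cleaned up" (hypothetical format for this example).
MAILBOX_RE = re.compile(r"^[a-z0-9][a-z0-9._-]{0,63}$")


def is_mailbox_name(s: str) -> bool:
    return MAILBOX_RE.fullmatch(s) is not None


def deliver(mailbox: str) -> str:
    """A sink that would interpret its argument flexibly. It refuses tainted
    values outright, so a forgotten validate() fails closed instead of open."""
    if isinstance(mailbox, Tainted):
        raise UntrustedInputError(
            f"unvalidated input from {mailbox.source} reached deliver()")
    return f"delivered to {mailbox}"


def handle_rcpt(raw_mailbox: str, peer: str) -> str:
    """Tag at the boundary, validate before use, then hand the value to the sink."""
    mailbox = validate(tag(raw_mailbox, f"smtp:{peer}"), is_mailbox_name)
    return deliver(mailbox)


if __name__ == "__main__":
    # Constructed sample inputs, as they might arrive from a remote SMTP peer.
    print(handle_rcpt("alice", "203.0.113.5"))
    for bad in ("Alice", "alice;drop", "..", ""):
        try:
            handle_rcpt(bad, "203.0.113.5")
        except UntrustedInputError as e:
            print("rejected:", e)
    try:
        deliver(tag("alice", "smtp:203.0.113.5"))  # validation step forgotten
    except UntrustedInputError as e:
        print("sink refused:", e)
```

The point of the wrapper type is that the tag is not a comment or a naming convention: a sink that checks for it turns "someone forgot to validate" into an error at the sink rather than into the untrusted entity's chance to exploit the sink's flexibility, and the retained source lets the rejection be attributed to the entity that sent it.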

Some systems attempt to validate input in ways that make things worse:

In SMTP-based email exchange,
Challenge/Response systems are a cure that is worse than the disease.

The "hypodermic needles in Pepsi soda cans"
debacle. The "input" — the original claim that a needle was found in a freshly
opened can — was not sufficiently validated before being widely circulated. This
apparently led to numerous people, not necessarily connected with each other in
any way, learning of the claim and taking advantage of it by claiming to have
"independently" verified it: each reported finding a needle, or some similar
item, in a can they had bought.